nexmon – Blame information for rev 1
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 1 | office | 1 | #include <stdio.h> |
| 2 | #include <string.h> |
||
| 3 | #include <stdlib.h> |
||
| 4 | #include <unistd.h> |
||
| 5 | #include <time.h> |
||
| 6 | #include <getopt.h> |
||
| 7 | |||
| 8 | #include "attacks/attacks.h" |
||
| 9 | #include "osdep.h" |
||
| 10 | #include "ghosting.h" |
||
| 11 | #include "fragmenting.h" |
||
| 12 | |||
| 13 | #define VERSION "v7" |
||
| 14 | #define VERSION_COOL "OMG! He cleaned his code!" |
||
| 15 | |||
| 16 | char *mdk3_help = "MDK 3.0 " VERSION " - \"" VERSION_COOL "\"\n" |
||
| 17 | "by ASPj of k2wrlz, using the osdep library from aircrack-ng\n" |
||
| 18 | "And with lots of help from the great aircrack-ng community:\n" |
||
| 19 | "Antragon, moongray, Ace, Zero_Chaos, Hirte, thefkboss, ducttape,\n" |
||
| 20 | "telek0miker, Le_Vert, sorbo, Andy Green, bahathir, Dawid Gajownik,\n" |
||
| 21 | "Ruslan Nabioullin and Alex Oberle\n" |
||
| 22 | "THANK YOU!\n\n" |
||
| 23 | "MDK is a proof-of-concept tool to exploit common IEEE 802.11 protocol weaknesses.\n" |
||
| 24 | "IMPORTANT: It is your responsibility to make sure you have permission from the\n" |
||
| 25 | "network owner before running MDK against it.\n\n" |
||
| 26 | "This code is licenced under the GPLv2 or later\n\n" |
||
| 27 | "MDK USAGE:\n" |
||
| 28 | "mdk3 <interface> <attack_mode> [attack_options]\n\n" |
||
| 29 | "Try mdk3 --fullhelp for all attack options\n" |
||
| 30 | "Try mdk3 --help <attack_mode> for info about one attack only\n\n"; |
||
| 31 | |||
| 32 | |||
| 33 | void print_help_and_die(struct attacks *att, int att_cnt, char full, char *add_msg) { |
||
| 34 | int i; |
||
| 35 | |||
| 36 | printf("%s\n", mdk3_help); |
||
| 37 | |||
| 38 | #ifdef __linux__ |
||
| 39 | ghosting_print_help(); |
||
| 40 | #endif |
||
| 41 | |||
| 42 | frag_print_help(); |
||
| 43 | |||
| 44 | printf("Loaded %d attack modules\n\n", att_cnt); |
||
| 45 | |||
| 46 | for(i=0; i<att_cnt; i++) { |
||
| 47 | printf("ATTACK MODE %c: %s\n", att[i].mode_identifier, att[i].attack_name); |
||
| 48 | att[i].print_shorthelp(); |
||
| 49 | } |
||
| 50 | |||
| 51 | if (full) { |
||
| 52 | printf("\nFULL OPTIONS:\n"); |
||
| 53 | for(i=0; i<att_cnt; i++) { |
||
| 54 | printf("\nATTACK MODE %c: %s\n", att[i].mode_identifier, att[i].attack_name); |
||
| 55 | att[i].print_longhelp(); |
||
| 56 | } |
||
| 57 | } |
||
| 58 | |||
| 59 | if (add_msg) printf("\nERROR: %s\n", add_msg); |
||
| 60 | |||
| 61 | exit(1); |
||
| 62 | } |
||
| 63 | |||
| 64 | void main_loop(struct attacks *att, void *options) { |
||
| 65 | struct packet inject; |
||
| 66 | unsigned int p_sent = 0, p_sent_ps = 0, ret; |
||
| 67 | time_t t_prev = 0; |
||
| 68 | |||
| 69 | while (1) { |
||
| 70 | //Get packet |
||
| 71 | inject = att->get_packet(options); |
||
| 72 | if ((inject.data == NULL) || (inject.len == 0)) break; |
||
| 73 | |||
| 74 | //Send packet |
||
| 75 | if (frag_is_enabled()) ret = frag_send_packet(&inject); |
||
| 76 | else ret = osdep_send_packet(&inject); |
||
| 77 | |||
| 78 | if (ret) { |
||
| 79 | printf("Injecting packet failed :( Sorry.\n"); |
||
| 80 | exit(-1); |
||
| 81 | } |
||
| 82 | |||
| 83 | p_sent_ps++; |
||
| 84 | p_sent++; |
||
| 85 | |||
| 86 | //Show speed and stats |
||
| 87 | if((time(NULL) - t_prev) >= 1) { |
||
| 88 | t_prev = time(NULL); |
||
| 89 | att->print_stats(options); |
||
| 90 | printf("\rPackets sent: %6d - Speed: %4d packets/sec", p_sent, p_sent_ps); |
||
| 91 | fflush(stdout); |
||
| 92 | p_sent_ps=0; |
||
| 93 | } |
||
| 94 | |||
| 95 | //Perform checks |
||
| 96 | att->perform_check(options); |
||
| 97 | } |
||
| 98 | } |
||
| 99 | |||
| 100 | int parse_evasion(int argc, char *argv[]) { |
||
| 101 | int i = 1; |
||
| 102 | |||
| 103 | while(i < argc) { |
||
| 104 | if (i >= argc) break; |
||
| 105 | |||
| 106 | if (! strcmp(argv[i], "--ghost")) { |
||
| 107 | parse_ghosting(argv[i + 1]); |
||
| 108 | i += 2; |
||
| 109 | } else if (! strcmp(argv[i], "--frag")) { |
||
| 110 | parse_frag(argv[i + 1]); |
||
| 111 | i += 2; |
||
| 112 | } else return (i - 1); |
||
| 113 | } |
||
| 114 | |||
| 115 | return (i - 1); |
||
| 116 | } |
||
| 117 | |||
| 118 | int main(int argc, char *argv[]) { |
||
| 119 | struct attacks *a, *cur_attack = NULL; |
||
| 120 | void *cur_options; |
||
| 121 | int i, att_cnt; |
||
| 122 | |||
| 123 | a = load_attacks(&att_cnt); |
||
| 124 | |||
| 125 | if (geteuid() != 0) print_help_and_die(a, att_cnt, 0, "mdk3 requires root privileges."); |
||
| 126 | |||
| 127 | if (argc < 2) print_help_and_die(a, att_cnt, 0, NULL); |
||
| 128 | |||
| 129 | if (! strcmp(argv[1], "--fullhelp")) print_help_and_die(a, att_cnt, 1, NULL); |
||
| 130 | |||
| 131 | if (argc < 3) print_help_and_die(a, att_cnt, 0, NULL); |
||
| 132 | |||
| 133 | if (strlen(argv[2]) != 1) print_help_and_die(a, att_cnt, 0, "Attack Mode is only a single character!\n"); |
||
| 134 | |||
| 135 | for(i=0; i<att_cnt; i++) { |
||
| 136 | if (argv[2][0] == a[i].mode_identifier) cur_attack = a + i; |
||
| 137 | } |
||
| 138 | |||
| 139 | if (cur_attack == NULL) print_help_and_die(a, att_cnt, 0, "Invalid Attack Mode\n"); |
||
| 140 | |||
| 141 | if (! strcmp(argv[1], "--help")) { cur_attack->print_longhelp(); return 0; } |
||
| 142 | |||
| 143 | if (osdep_start(argv[1])) { |
||
| 144 | printf("Starting OSDEP on %s failed\n", argv[1]); |
||
| 145 | return 2; |
||
| 146 | } |
||
| 147 | |||
| 148 | /* drop privileges */ |
||
| 149 | setuid(getuid()); |
||
| 150 | |||
| 151 | for(i=0; i<att_cnt; i++) free(a[i].attack_name); //Make Valgrind smile :) |
||
| 152 | |||
| 153 | i = 2 + parse_evasion(argc - 2, argv + 2); |
||
| 154 | |||
| 155 | cur_options = cur_attack->parse_options(argc - i, argv + i); |
||
| 156 | if (!cur_options) return 1; |
||
| 157 | |||
| 158 | srandom(time(NULL)); //Fresh numbers each run |
||
| 159 | |||
| 160 | //Parsing done, start attacks |
||
| 161 | main_loop(cur_attack, cur_options); |
||
| 162 | |||
| 163 | return 0; |
||
| 164 | } |